LISTING OF CLAIMS 



1. (original) A method for securely providing data of a 
content provider to a user without trusting an internet 
service provider, said method comprising: 

a. generating a first key known only to said content 
provider; 

b. encrypting a second key using said first key and 
an encryption algorithm requiring a one-time password; 

c. storing said encrypted second key on a client 
machine; and 

when said user desires to access said data: 

d. decrypting said second encrypted key using said 
first key; and 

e. accessing said data using said second key. 

2. (original) A method as recited in claim 1, further 
comprising the step of transmitting the identity of said 
client machine to said content provider to authenticate that 
said user is using said client machine, thereby permitting 
said data to be accessed only on said client machine. 

3. (original) A method as recited in claim 1, wherein 
said one-time password is a unique user identifier and 
wherein said one-time password is transmitted out of band. 

4. (original) A method as recited in claim 1, wherein said 
second key is required in an algorithm that generates a 
session key which is used to decrypt said data. 

5. (original) A method for securely providing data of a 
content provider to a user without trusting an internet 
service provider, said method comprising: 

a. generating a first key known only to said content 
provider; 

b. encrypting a second key using said first key and 
an encryption algorithm requiring a one-time password and a 
separate user provided password; 

c. storing said encrypted second key on a client 
machine; and 

when said user desires to access said data: 

d. decrypting said second encrypted key using said 
user provided password; and 

e. accessing said data using said second key. 



6. (original) A method as recited in claim 5, further 
comprising the step of transmitting the identity of said 
client machine to said content provider to authenticate that 
said user is using said client machine, thereby permitting 
said data to be accessed only on said client machine. 

7. (original) A method as recited in claim 5, wherein 
said one-time password is a unique user identifier and 
wherein said one-time password is transmitted out of band. 

8. (original) A method as recited in claim 5, wherein said 
second key is required in an algorithm that generates a 
session key which is used to decrypt said data. 
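The key-wrapping flow of claims 1 through 8, as an added worked example: this is not code from the patent, and the claims name no particular cipher or key-derivation function. Assumptions made here: a SHAKE-256 XOR keystream with an HMAC tag stands in for a real AEAD such as AES-GCM, an HMAC-based derive_key stands in for a standard KDF such as HKDF, the "session key" of claims 4 and 8 is derived from the second key and a per-content nonce, and the single-use property of the one-time password (claims 3 and 7) is modeled by the provider discarding an OTP once it has been used to wrap a key. The client-side routine is handed every input the claims say step d needs (the first key, the OTP and, for the claim 5 variant, the user password), which makes explicit what the decrypting party must hold; the claims themselves do not say how a client obtains a key "known only to said content provider".

```python
"""Claims 1-8: wrap a content key ("second key") under a key derived from the
provider's secret ("first key"), a one-time password and an optional user
password; store the wrapped key on the client; derive a per-access session key
from the unwrapped content key to decrypt the data.  Standard library only;
the stream cipher and KDF are toy stand-ins, not production primitives."""
import hashlib
import hmac
import secrets


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with a SHAKE-256 keystream (stand-in for an AEAD)."""
    ks = hashlib.shake_256(b"stream|" + key + b"|" + nonce).digest(len(data))
    return bytes(x ^ y for x, y in zip(data, ks))


def derive_key(*parts: bytes) -> bytes:
    """HMAC-based KDF over length-prefixed parts, so (a, bc) != (ab, c)."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(b"kdf-v1", msg, "sha256").digest()


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = xor_stream(derive_key(key, b"enc"), nonce, plaintext)
    tag = hmac.new(derive_key(key, b"mac"), nonce + ct, "sha256").digest()
    return nonce + ct + tag


def open_(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong key or tampering raises."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(derive_key(key, b"mac"), nonce + ct, "sha256").digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrapped key or content failed authentication")
    return xor_stream(derive_key(key, b"enc"), nonce, ct)


class ContentProvider:
    def __init__(self):
        self.first_key = secrets.token_bytes(32)   # step a: known only here
        self.second_key = secrets.token_bytes(32)  # the content key
        self._issued_otps = set()

    def issue_otp(self) -> bytes:
        """Claims 3/7: the OTP doubles as a unique user identifier and is
        delivered out of band (modeled here by simply returning it)."""
        otp = secrets.token_bytes(16)
        self._issued_otps.add(otp)
        return otp

    def wrap_second_key(self, otp: bytes, user_password: bytes = b"") -> bytes:
        """Step b: wrap the second key.  The OTP is consumed, so the same OTP
        cannot be presented again to obtain a second wrapped copy."""
        if otp not in self._issued_otps:
            raise ValueError("unknown or already-used one-time password")
        self._issued_otps.remove(otp)
        return seal(derive_key(self.first_key, otp, user_password), self.second_key)

    def encrypt_content(self, data: bytes) -> bytes:
        """Claims 4/8: data is encrypted under a session key derived from the
        second key and a fresh nonce, never under the second key directly."""
        session_nonce = secrets.token_bytes(16)
        return session_nonce + seal(derive_key(self.second_key, session_nonce), data)


def client_access(stored_wrapped_key: bytes, first_key: bytes, otp: bytes,
                  user_password: bytes, encrypted_content: bytes) -> bytes:
    """Steps d and e on the client: unwrap the stored second key, derive the
    session key for this blob and decrypt.  Every input is passed explicitly
    (assumption: the claims do not say how the client obtains them)."""
    second_key = open_(derive_key(first_key, otp, user_password), stored_wrapped_key)
    session_nonce, blob = encrypted_content[:16], encrypted_content[16:]
    return open_(derive_key(second_key, session_nonce), blob)


def demo(user_password: bytes = b"correct horse") -> bytes:
    """Full round trip with constructed sample content."""
    provider = ContentProvider()
    otp = provider.issue_otp()
    stored = provider.wrap_second_key(otp, user_password)   # step c: lives on the client
    content = provider.encrypt_content(b"premium article body")
    return client_access(stored, provider.first_key, otp, user_password, content)


if __name__ == "__main__":
    print(demo())
```

Passing an empty user_password gives the claim 1 variant (first key plus OTP only); a non-empty one gives the claim 5 variant. A wrong password or a replayed OTP fails closed: the tag check in open_ raises rather than returning garbage, and wrap_second_key refuses an OTP it has already consumed.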

9. (original) In a communications network having at least 
a content provider node and a plurality of client machines, 
a method of authenticating a user seeking access to secure 
data of said content provider, said method comprising: 

a. transmitting g^a and the identity of the user of 
said one client machine to said content provider node, 
wherein g and a are random numbers and where a is known only 
to said client machine, and where g is known to both content 
provider and said client machine; 

b. generating g^b, where b is known only to said 
content provider node; 

c. encrypting g^b with a one-time password of said 
user; 

d. calculating g^(a*b) by said client machine using 
said one-time password to decrypt said encrypted g^b; and 

e. transmitting g^(a*b) to said content provider, 
whereby said client machine's knowledge of g^(a*b) 
authenticates said user to said content provider. 
10. (original) A method as recited in claim 9, further 
comprising the step of transmitting the identity of a 
particular one of said client machines to said content 
provider to authenticate that said user is using said client 
machine, thereby permitting said data to be accessed only on 
said client machine. 



11. (original) A method as recited in claim 9, further 
comprising the step of performing a method authenticated 
code on g^(a*b) at said content provider and transmitting 
the results of performing said method authenticated code to 
said client, where said client machine verifies said results 
to authenticate said content provider. 
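The exchange of claims 9 through 11 with both parties in one process, as an added worked example that is not code from the patent. Assumptions: a toy Diffie-Hellman modulus (the Mersenne prime 2^127 - 1) so the script runs instantly, where a real deployment would use a standard group such as RFC 3526 or an elliptic curve; the same SHAKE-256 XOR keystream used above stands in for whatever cipher the claim's "encrypting g^b with a one-time password" denotes; the "method authenticated code" of claim 11 is read as a message authentication code; and, since the claims do not say what keys that code, the MAC is keyed with the one-time password together with g^(a*b). That last choice matters: step e sends g^(a*b) over the network in clear, so a proof keyed from g^(a*b) alone could be computed by the very internet service provider the scheme is designed not to trust.

```python
"""Claims 9-11: the client sends g and g^a; the provider answers with g^b
encrypted under the user's one-time password; the client decrypts, computes
g^(a*b) and sends it back, proving it held the OTP; the provider replies with
a MAC over g^(a*b) that the client verifies.  Toy parameters and toy stream
cipher; standard library only."""
import hashlib
import hmac
import secrets

P = (1 << 127) - 1          # toy modulus (Mersenne prime); NOT a production group


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with a SHAKE-256 keystream (stand-in for an AEAD)."""
    ks = hashlib.shake_256(b"stream|" + key + b"|" + nonce).digest(len(data))
    return bytes(x ^ y for x, y in zip(data, ks))


def to_bytes(n: int) -> bytes:
    """Group elements are < 2^127, so 16 bytes always suffice."""
    return n.to_bytes(16, "big")


def mac_over(otp: bytes, g_ab: int) -> bytes:
    """Claim 11 proof.  Keyed with the OTP as well as g^(a*b): g^(a*b) crosses
    the network in clear in step e, so a key derived from it alone would be
    computable by an on-path ISP (assumption: the claim names no MAC key)."""
    return hmac.new(otp + to_bytes(g_ab), b"provider-proof", "sha256").digest()


class Client:
    def __init__(self, user_id: str, otp: bytes):
        self.user_id, self.otp = user_id, otp
        self.g = secrets.randbelow(P - 3) + 2     # random g, shared with the provider
        self.a = secrets.randbelow(P - 3) + 2     # known only to the client

    def hello(self) -> dict:
        """Step a: send g, g^a and the user identity."""
        return {"user": self.user_id, "g": self.g, "g_a": pow(self.g, self.a, P)}

    def respond(self, enc_g_b: bytes) -> int:
        """Step d: decrypt g^b with the OTP and raise it to a, giving g^(a*b)."""
        g_b = int.from_bytes(xor_stream(self.otp, b"g^b", enc_g_b), "big")
        return pow(g_b, self.a, P)

    def verify_provider(self, g_ab: int, proof: bytes) -> bool:
        """Claim 11: the client checks the provider's MAC over g^(a*b)."""
        return hmac.compare_digest(proof, mac_over(self.otp, g_ab))


class ContentProvider:
    def __init__(self):
        self.otps = {}        # user id -> OTP delivered out of band (claims 3, 7)
        self.sessions = {}    # user id -> expected g^(a*b) for the open exchange

    def register(self, user_id: str) -> bytes:
        self.otps[user_id] = secrets.token_bytes(16)
        return self.otps[user_id]

    def challenge(self, msg: dict) -> bytes:
        """Steps b and c: pick b, compute g^b, encrypt it under the user's OTP.
        The provider can already compute (g^a)^b, the value it will expect."""
        b = secrets.randbelow(P - 3) + 2
        self.sessions[msg["user"]] = pow(msg["g_a"], b, P)
        return xor_stream(self.otps[msg["user"]], b"g^b", to_bytes(pow(msg["g"], b, P)))

    def check(self, user_id: str, g_ab: int):
        """Step e: a correct g^(a*b) authenticates the user.  The OTP is retired
        on any attempt, successful or not; on success return the claim 11 proof."""
        otp = self.otps.pop(user_id, None)
        if otp is None or self.sessions.pop(user_id, None) != g_ab:
            return None
        return mac_over(otp, g_ab)


def run_exchange(tamper_otp: bool = False) -> tuple:
    """Returns (user_authenticated, provider_verified).  With tamper_otp the
    client lacks the real OTP, modeling a party that saw only the wire traffic."""
    provider = ContentProvider()
    otp = provider.register("alice")
    client = Client("alice", bytes(16) if tamper_otp else otp)
    enc_g_b = provider.challenge(client.hello())
    g_ab = client.respond(enc_g_b)
    proof = provider.check("alice", g_ab)
    if proof is None:
        return (False, False)
    return (True, client.verify_provider(g_ab, proof))


if __name__ == "__main__":
    print(run_exchange(), run_exchange(tamper_otp=True))
```

The honest run returns (True, True); without the OTP the client decrypts g^b to a random value, its g^(a*b) does not match the provider's (g^a)^b, and the provider issues no proof. Note that the exchange authenticates possession of the OTP, and nothing in claims 9 through 11 keeps g^(a*b) secret afterwards, so it should not double as a content-encryption key.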



12. (original) A program storage device readable by a 
machine, tangibly embodying a program of instructions 
executable by the machine to perform method steps for 
securely providing data of a content provider to a user, 
said method comprising: 

a. generating a first key known only to said content 
provider; 

b. encrypting a second key using said first key and 
an encryption algorithm requiring a one-time password; 

c. storing said encrypted second key on a client 
machine; and 

when said user desires to access said data: 

d. decrypting said second encrypted key using said 
first key; and 

e. accessing said data using said second key. 




13. (original) A program storage device readable by a 
machine, tangibly embodying a program of instructions 
executable by the machine to perform method steps for 
securely providing data of a content provider to a user, 
said method comprising: 

a. generating a first key known only to said content 
provider; 

b. encrypting a second key using said first key and 
an encryption algorithm requiring a one-time password and a 
separate user provided password; 

c. storing said encrypted second key on a client 
machine; and 

when said user desires to access said data: 

d. decrypting said second encrypted key using said 
user provided password; and 

e. accessing said data using said second key. 



14. (original) A program storage device readable by a 
machine, tangibly embodying a program of instructions 
executable by the machine to perform method steps in a 
communications network having at least a content provider 
node and a plurality of client machines, said method steps 
authenticating a user seeking access to secure data of said 
content provider, said method steps comprising: 

a. transmitting g^a and the identity of the user of 
said one client machine to said content provider node, 
wherein g and a are random numbers and where a is known only 
to said client machine, and where g is known to both content 
provider and said client machine; 

b. generating g^b, where b is known only to said 
content provider node; 

c. encrypting g^b with a one-time password of said 
user; 

d. calculating g^(a*b) by said client machine using 
said one-time password to decrypt said encrypted g^b; and 

e. transmitting g^(a*b) to said content provider, 
whereby said client machine's knowledge of g^(a*b) 
authenticates said user to said content provider. 



15. (currently amended) A computer program product for 
securely providing data of a content provider to a user 
without first trusting an internet service provider, said 
computer program product comprising: 

a. first instruction means for generating a first key 
known only to said content provider; 

b. second instruction means for encrypting a second 
key using said first key and an encryption algorithm 
requiring a one-time password; 

c. third instruction means for storing said 
encrypted second key on a client machine; and 

when said user desires to access said data: 

d. fourth instruction means for decrypting said 
second encrypted key using said first key; and 

e. fifth instruction means for accessing said data 
using said second key. 

16. (original) A computer program product for securely 
providing data of a content provider to a user without 
trusting an internet service provider, said computer program 
product comprising: 

a. first instruction means for generating a first key 
known only to said content provider; 

b. second instruction means for encrypting a second 
key using said first key and an encryption algorithm 
requiring a one-time password and a separate user provided 
password; 

c. third instruction means for storing said encrypted 
second key on a client machine; and 

when said user desires to access said data: 

d. fourth instruction means for decrypting said 
second encrypted key using said user provided password; and 

e. fifth instruction means for accessing said data 
using said second key. 



17. (original) A computer program product for use in a 
communications network having at least a content provider 
node and a plurality of client machines, said computer 
program for authenticating a user seeking access to secure 
data of said content provider, said computer program product 
comprising: 

a. transmitting g^a and the identity of the user of 
said one client machine to said content provider node, 
wherein g and a are random numbers and where a is known only 
to said client machine, and where g is known to both content 
provider and said client machine; 

b. generating g^b, where b is known only to said 
content provider node; 

c. encrypting g^b with a one-time password of said 
user; 

d. calculating g^(a*b) by said client machine using 
said one-time password to decrypt said encrypted g^b; and 

e. transmitting g^(a*b) to said content provider, 
whereby said client machine's knowledge of g^(a*b) 
authenticates said user to said content provider. 